Chinese state hackers have breached the cybersecurity system of the U.S. Department of the Treasury and stolen several documents. The agency described this event as a "serious incident."
This was reported by RBK-Ukraine citing Reuters.
The agency referred to a letter to lawmakers that Treasury officials provided to Reuters on Monday, December 30. It notes that the hackers compromised a third-party cybersecurity service provider, BeyondTrust, and gained access to non-classified documents.
According to the letter, the hackers accessed a key that was used by the provider to secure the cloud service. This key is used for remotely providing technical support to end users at Treasury branches.
"With access to the stolen key, the attackers were able to bypass the service's security system, gain remote access to certain workstations of Treasury users, and access specific non-classified documents stored by these users," the letter states.
The Treasury Department reported that it received notification of the breach from BeyondTrust on December 8 and is cooperating with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the impact of the breach.
Meanwhile, a representative from the Chinese embassy in Washington denied any responsibility for the hack. He stated that Beijing "strongly opposes the defamatory attacks by the U.S. on China, which have no factual basis."
BeyondTrust is based in Johns Creek, Georgia. On its website, the company announced that it recently discovered a security incident affecting a limited number of clients using its remote support software. As a result of the incident, a digital key was compromised, and an investigation is currently underway.
Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, noted that the security incident described by BeyondTrust appears to be closely related to the reported breach at the Treasury. However, he warned that the company itself would need to confirm any connection.
"This incident fits into a well-documented pattern of actions associated with groups linked to the PRC (People's Republic of China - ed.), with a particular emphasis on abusing trusted third-party services - a method that has become increasingly prominent in recent years," he said.
In recent years, cyberattacks have become one of the elements of the war waged by Russia and its Asian allies against European countries and the U.S.
On December 28, hackers launched an attack on the Italian Foreign Ministry and two airports in Milan. The pro-Russian group Noname057 claimed responsibility for the attack.
On December 19, Russian hackers carried out one of the largest cyberattacks on Ukraine. The attackers breached several Ukrainian state registries and downloaded all databases.
Additionally, in December 2023, hackers gained access to the DNA data of 7 million people from an American genetic testing company.